Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Error

  • 1.  Clearpass Error

    Posted Mar 11, 2014 02:36 PM

    Following this procedure to allow an AD group to log into all Aruba controllers in our environment: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Howto-Authenticate-to-an-Aruba-Controller-via-Clearpass-and/td-p/94828

     

    However, I get a Java error when trying to configure this. Tried on different computers, browsers, rebooted, etc. I have all the firmware and updates available on ClearPass (v6.3.0.61712).

     

    Create an Aruba Controller Login Service:
    1. Configuration > Services
    2. Click "Add Service"
    3. Select "Type" of "RADIUS Enforcement ( Generic )"
    4. Provide a name for the service, "Aruba Controller Logins"
    5. Under "Service Rule" enter the following:
       i. Type - Connection
       ii. Name - "NAD-IP-Address"
       iii. Operator - "BELONGS_TO_GROUP" (this is where it errors out!)
       iv. Value - "Aruba Wireless"

     

    error attached



  • 2.  RE: Clearpass Error
    Best Answer

    EMPLOYEE
    Posted Mar 11, 2014 02:37 PM
    It's a known bug. Fixed in upcoming 6.3.1


  • 3.  RE: Clearpass Error

    Posted Mar 11, 2014 02:39 PM

    ETA?



  • 4.  RE: Clearpass Error
    Best Answer

    EMPLOYEE
    Posted Mar 11, 2014 02:40 PM
    A temporary solution would be to export the XML file, manually modify it, and then reimport it.


  • 5.  RE: Clearpass Error

    EMPLOYEE
    Posted Mar 11, 2014 02:41 PM
    This month


  • 6.  RE: Clearpass Error

    Posted Mar 11, 2014 03:01 PM

    I edited the XML.. works like a charm.. THANK YOU!!!!!



  • 7.  RE: Clearpass Error

    Posted Jul 18, 2014 03:17 PM

    Hi All

     

    I am seeing the same error when logging in to the Policy Manager (/tips) page with only a specific user group. We just upgraded from 6.2r to 6.3.4 yesterday. I am only getting the Java error when trying to log in with the AU Help Desk privilege account.

     

    Here is the XML for the admin privileges:

     

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
      <TipsHeader version="6.3" exportTime="Fri Jul 18 15:03:38 EDT 2014"/>
      <AdminPrivileges>
        <AdminPrivilege description="A super administrator is allowed read/write access to all configuration elements" name="Super Administrator" accessType="FULL" allowPasswords="true">
          <AdminTask taskid="con">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="dnd">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="sc">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="adm">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
        </AdminPrivilege>
        <AdminPrivilege description="A network administrator is allowed to configure all the policies in the system" name="Network Administrator" accessType="FULL" allowPasswords="true">
          <AdminTask taskid="con">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="dnd">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
        </AdminPrivilege>
        <AdminPrivilege description="A help desk person logs in to troubleshoot problems reported by end users" name="Help Desk" accessType="FULL" allowPasswords="true">
          <AdminTask taskid="mon.li.ag">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.ad">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.ac">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.sp">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.sy">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
        </AdminPrivilege>
        <AdminPrivilege description="A receptionist is allowed access to main monitoring screens" name="Receptionist" accessType="FULL" allowPasswords="true">
          <AdminTask taskid="mon.li.ag">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.ad">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.ac">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.sp">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.sy">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
        </AdminPrivilege>
        <AdminPrivilege description="A read-only administrator is only allowed to read all configuration elements" name="Read-only Administrator" accessType="FULL" allowPasswords="true">
          <AdminTask taskid="con">
            <AdminTaskAction type="R"/>
          </AdminTask>
          <AdminTask taskid="dnd">
            <AdminTaskAction type="R"/>
          </AdminTask>
          <AdminTask taskid="mon">
            <AdminTaskAction type="R"/>
          </AdminTask>
          <AdminTask taskid="sc">
            <AdminTaskAction type="R"/>
          </AdminTask>
          <AdminTask taskid="adm">
            <AdminTaskAction type="R"/>
          </AdminTask>
        </AdminPrivilege>
        <AdminPrivilege description="An API administrator is only allowed API access to read/write all configuration elements" name="API Administrator" accessType="API" allowPasswords="true">
          <AdminTask taskid="con">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="dnd">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="sc">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="adm">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
        </AdminPrivilege>
        <AdminPrivilege description="AU InfoSec" name="AU InfoSec" accessType="FULL" allowPasswords="true">
          <AdminTask taskid="con.id.sh">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
        </AdminPrivilege>
        <AdminPrivilege description="AU help desk" name="AU Help Desk" accessType="FULL" allowPasswords="true">
          <AdminTask taskid="con.id.gu">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="con.id.ep">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="mon.li.ad">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
          <AdminTask taskid="con.id.sh">
            <AdminTaskAction type="RWD"/>
          </AdminTask>
        </AdminPrivilege>
      </AdminPrivileges>
    </TipsContents>



  • 8.  RE: Clearpass Error

    Posted Jul 24, 2014 12:02 PM

    Experiencing exactly the same issue as described in the post above. Updated to 6.3.2 and now cannot log in to the Policy Manager using a specific privilege level. Works for the Super Admin level.



  • 9.  RE: Clearpass Error

    Posted Jul 24, 2014 03:10 PM

    This was fixed by having an Aruba engineer export the role and verify it against the role for which we are able to log in to the server. Edited the XML file and imported it back to the server. This resolved the issue.
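
The comparison described in post 9 (export the roles, then check the failing role against one that can log in), as an added example that is not part of the original thread and is not Aruba tooling. It uses two roles from the export in post 7 as constructed sample input; the function names are hypothetical, and the thread does not record which difference the actual fix changed.

```python
import xml.etree.ElementTree as ET
# Namespace taken from the TipsContents export quoted in post 7.
NS = {"t": "http://www.avendasys.com/tipsapiDefs/1.0"}

# Constructed sample: two roles from that export, condensed to one task per line.
SAMPLE_EXPORT = """\
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
 <AdminPrivileges>
  <AdminPrivilege name="Super Administrator" accessType="FULL" allowPasswords="true">
   <AdminTask taskid="con"><AdminTaskAction type="RWD"/></AdminTask>
   <AdminTask taskid="dnd"><AdminTaskAction type="RWD"/></AdminTask>
   <AdminTask taskid="mon"><AdminTaskAction type="RWD"/></AdminTask>
   <AdminTask taskid="sc"><AdminTaskAction type="RWD"/></AdminTask>
   <AdminTask taskid="adm"><AdminTaskAction type="RWD"/></AdminTask>
  </AdminPrivilege>
  <AdminPrivilege name="AU Help Desk" accessType="FULL" allowPasswords="true">
   <AdminTask taskid="con.id.gu"><AdminTaskAction type="RWD"/></AdminTask>
   <AdminTask taskid="con.id.ep"><AdminTaskAction type="RWD"/></AdminTask>
   <AdminTask taskid="mon.li.ad"><AdminTaskAction type="RWD"/></AdminTask>
   <AdminTask taskid="con.id.sh"><AdminTaskAction type="RWD"/></AdminTask>
  </AdminPrivilege>
 </AdminPrivileges>
</TipsContents>"""

def load_privileges(xml_text):
    """Map role name -> {"attrs": role attributes, "tasks": {taskid: action type}}."""
    roles = {}
    for priv in ET.fromstring(xml_text).iterfind("t:AdminPrivileges/t:AdminPrivilege", NS):
        tasks = {}
        for task in priv.iterfind("t:AdminTask", NS):
            action = task.find("t:AdminTaskAction", NS)
            tasks[task.get("taskid")] = None if action is None else action.get("type")
        attrs = {k: v for k, v in priv.attrib.items() if k not in ("name", "description")}
        roles[priv.get("name")] = {"attrs": attrs, "tasks": tasks}
    return roles

def diff_roles(roles, working, failing):
    """Report how the failing role differs from one known to log in (hypothetical helper)."""
    w, f = roles[working], roles[failing]
    keys = set(w["attrs"]) | set(f["attrs"])
    return {
        "attr_diffs": {k: (w["attrs"].get(k), f["attrs"].get(k))
                       for k in keys if w["attrs"].get(k) != f["attrs"].get(k)},
        "only_in_working": sorted(set(w["tasks"]) - set(f["tasks"])),
        "only_in_failing": sorted(set(f["tasks"]) - set(w["tasks"])),
        "missing_action": sorted(t for t, a in f["tasks"].items() if a is None),
    }

if __name__ == "__main__":
    print(diff_roles(load_privileges(SAMPLE_EXPORT), "Super Administrator", "AU Help Desk"))
```

Keeping the exported file and this report alongside the re-imported version gives a record of exactly which admin privileges changed.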



  • 10.  RE: Clearpass Error

    Posted Jul 24, 2014 03:20 PM

    What was the edit?